Security Implications Associated with Mass Notification Systems

Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems; networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.

Cover

• Cyber risk challenges
• Components of security strategy
• MNS Security concerns
• Mechanisms that may be deployed to mitigate the risks to an MNS system
• UL 2572 security measures
• Example: Electrical Grid recent cybersecurity history

Cyber Risk Challenges

Why Security?

Why did we put brakes in a car?

Primary impulse answer: TO STOP

Another answer: TO GO FASTER

Cybersecurity measures are like brakes: they can advance the use of products in a safe and secure manner.

Threats, Vulnerabilities and Risks

Threat

A threat is any action, whether intended or not, to infiltrate the workings of a system.

A general understanding of who might attack what assets:

• Nation-States
• Professional – Usually performing theft, espionage or malicious activity
• Hobbyist – Hack into products and systems without the intent to perform criminal or malicious activity outside of the hacking act itself.
• Malware – automated attack software.
• Employees

Vulnerability

A defined flaw in security measures, whether by design or how the product or service is implemented, that can be exploited.

• Unpatched published vulnerabilities
• Remote control protocols
• Web services
• Buffer overflows
• Weak or improper Authentication mechanisms
• Improper Authorization (access control)
• Credential control
• Messaging manipulation and injection
• SQL injection into data historians

Opportunity

The asset to be appropriated

• Control center control
• Device control

Risk

Components of a Security Strategy

Identify the security objectives of an MNS system:

• Availability – disruption of access to information from an MNS
• Integrity – unauthorized modification of information from an MNS
• Confidentiality – unauthorized disclosure of information from an MNS

Mass Notification Security Concerns

Communications Protocol

Common Design Vulnerabilities

• Sensors/actuators have no inherent security.
• Control panels have limited untested security.
• Remote accessibility to control panels and server software.
• Non-secure firmware updates.
• Open ports on devices and services.
• Tamper detection and/or resistance is minimal.
• Web services
• Poor coding practices

Mechanisms to mitigate the risks:

• Disable unused physical and logical ports.
• Fuzz testing on all ports.
• All ports should require authentication.
• Test factory defaults while in operation.
• No “hard coded” passwords.
• Firmware upgrades must be secure - Digital signatures.
• Include tamper detection technologies.
• Enforce secure coding practices.
• Perform an independent security source code audit.
• Obfuscation

Mass Notification Security Concerns

Communications Protocol

Implementation Vulnerabilities

• Limited patching and testing of new patches
• Use of default passwords
• Incorrect configuration use
• Networks are now “connected” to the outside world

Mechanisms to mitigate the risks:

• Patch management
• Secure workstations, servers with known IT practices and policies
• Whitelisting and blacklisting
• Auditing trails with alerts
• Network penetration testing
• Review of audit logs, security policies
• Independent vulnerability and cyber-security assessments
• Intrusion detection and prevention reviews

Mass Notification Security Concerns

Communications Protocol

Communications

Communication lines allow for:

• Line sniffing (eavesdropping)
• Man-in-the-middle injection
• Denial of service
• Spoofing/masquerading
• Record and replay

Credentials that are not secured

Mechanisms to mitigate the risks:

• Cryptography and credential security
• Test and implement against known standards – FIPS 140
• Secure authentication/non-repudiation
• Data filtering and discarding
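How message authentication plus "data filtering and discarding" addresses spoofing, injection and record-and-replay from the list above, as an added example that is not part of the original slides. The names `seal`, `Receiver` and `console-1`, the JSON framing and the demo key are assumptions made for illustration; the scheme gives integrity and authenticity only, not confidentiality or non-repudiation.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, sender: str, counter: int, text: str) -> bytes:
    """Sender side: serialise the message and append an HMAC-SHA256 tag."""
    body = json.dumps({"from": sender, "ctr": counter, "text": text},
                      sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Panel side: verify the tag first, then discard any frame whose
    counter is not newer than the last one accepted from that sender."""

    def __init__(self, key: bytes):
        self._key = key
        self._last = {}  # sender -> highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) <= TAG_LEN:
            return None  # too short to carry a body and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # spoofed, or modified in transit
        msg = json.loads(body)  # parsed only after authentication
        if msg["ctr"] <= self._last.get(msg["from"], -1):
            return None  # recorded and replayed
        self._last[msg["from"]] = msg["ctr"]
        return msg["text"]


def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    panel = Receiver(key)
    frame = seal(key, "console-1", 1, "Evacuate building A")
    first = panel.accept(frame)
    replayed = panel.accept(frame)  # same bytes sent a second time
    tampered = panel.accept(frame.replace(b"building A", b"building B"))
    forged = panel.accept(seal(b"wrong key", "console-1", 2, "All clear"))
    return first, replayed, tampered, forged
```

The last accepted counter has to survive a restart of the receiver, otherwise previously recorded frames become acceptable again.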

UL 2572 Data Security Measures

1. Security and Data Protection

Evidence of a certificate of compliance - Security functions shall be one or more of the following:

• Symmetric key encryption functions.
• Asymmetric key signature functions.
• Message Authentication functions.
• Hashing functions.

2. Communication Security

• Communication Security Level 1 - Independent Dedicated Network.
• Communication Security Level 2 - Non-Dedicated Private Network.
• Communication Security Level 3 - Non-Dedicated Public Network.

3. Stored Data Security

• Passwords.
• DRMNS contact data.
• System configuration data.
• Audit logs and reports.
• ECS/MNS messages.

The stored data shall be protected by minimum security functions.

4. Access Control Security

• Password/PIN with a minimum of 1000 combinations.
• Password/PIN minimum length of 8 characters, each of at least 10 options.
• Password/PIN minimum length of 12 characters, each of at least 10 options, or equivalent means (such as 2 factor authentication).

The security means shall have a time out feature ("auto-log-out").

Password Example

Passwords are stored (example: Username KEN, Password PASSWORD):

• Plaintext: PASSWORD
• Hash form: PASSWORD → A3eeF%4zz5JJd
• Salted hashes: PASSWORD + <unique> → bbGtee$5%FgLopp
• Encrypted: PASSWORD → sf$%^&aQ

Passwords are attacked via:

• Brute force guessing – dependent on the system responding with a yes or no
• Password cracking – offline processing of a hash (approximately hundreds of millions of password guesses a second)
• Precomputed hash attack – rainbow and lookup tables of all possible hashes are searched
• Pass the hash – gain access to the hash or alter the hash

MD5, SHA1 – SHA 512: good hash algorithms for integrity in a short time, but all possible hashes can easily be identified.
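The "hash form" and "salted hashes" storage options above, compared from the defender's side, as an added example that is not part of the original slides. The function names, the accounts ANN and BOB, the weak-password list and the PBKDF2 iteration count are assumptions; KEN / PASSWORD is the slide's own example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the hardware in use


def md5_unsalted(password: str) -> str:
    """The slide's 'hash form': fast, unsalted, same output for same input."""
    return hashlib.md5(password.encode()).hexdigest()


def store(password: str) -> dict:
    """Salted, deliberately slow record (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)  # the slide's '<unique>' value, one per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


def audit_unsalted(db: dict, known_weak: list) -> list:
    """Defensive audit: one precomputed table flags every account whose
    unsalted MD5 matches a known weak password."""
    table = {md5_unsalted(p): p for p in known_weak}
    return sorted(user for user, h in db.items() if h in table)


def demo():
    # Constructed accounts; only KEN / PASSWORD comes from the slide.
    unsalted = {"KEN": md5_unsalted("PASSWORD"),
                "ANN": md5_unsalted("PASSWORD"),
                "BOB": md5_unsalted("x9!Lr2#vQ8pd")}
    flagged = audit_unsalted(unsalted, ["PASSWORD", "123456"])
    ken, ann = store("PASSWORD"), store("PASSWORD")
    return {
        "unsalted_identical": unsalted["KEN"] == unsalted["ANN"],
        "flagged": flagged,
        "salted_identical": ken["digest"] == ann["digest"],
        "ken_ok": verify(ken, "PASSWORD"),
        "ken_wrong": verify(ken, "password"),
    }
```

With per-account salts the two PASSWORD records differ, so a single precomputed table no longer covers both accounts and each guess costs the full iteration count.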

Example – Smart Grid

Advanced Security Acceleration Project - SG

Description:

• Develop system-level security requirements for smart grid technology

Approach:

• Architectural team → produce material
• Usability Analysis team → assess effectiveness
• NIST, UtiliSec → review, approve

Deliverables:

• Strategy & Guiding Principles white paper
• Security Profile Blueprint
• 6 Security Profiles – AMI Security Profile
• Usability Analysis

Schedule: June 2009 – June 2012

Budget: $3M/year ($1.5M Utilities + $1.5M DOE)

Performers: Utilities, EnerNex, Inguardians, SEI, ORNL

Partners: DOE, EPRI

THANK YOU.

Ken Modeste

Security and Global Communications

Underwriters Laboratories Inc.
